diff options
author | Matt Caswell <matt@openssl.org> | 2019-10-30 13:20:33 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-11-04 12:49:18 +0000 |
commit | 45b244620a74248b46ebe1c85e86437b9641447a (patch) | |
tree | 30d3ee54273fc439266e6a0436f9251bbd372860 /crypto | |
parent | dcea51afe9e3aec83a0c53f435beec9bc0faa07b (diff) |
Don't leak memory in the event of a failure in i2v_GENERAL_NAMES
i2v_GENERAL_NAMES call i2v_GENERAL_NAME repeatedly as required. Each
time i2v_GENERAL_NAME gets called it allocates adds data to the passed in
stack and then returns a pointer to the stack, or NULL on failure. If
the passed in stack is itself NULL then it allocates one.
i2v_GENERAL_NAMES was not correctly handling the case where a NULL gets
returned from i2v_GENERAL_NAME. If a stack had already been allocated then
it just leaked it.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10300)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509/v3_alt.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/crypto/x509/v3_alt.c b/crypto/x509/v3_alt.c index 5d1ece71cb..1feb2d6735 100644 --- a/crypto/x509/v3_alt.c +++ b/crypto/x509/v3_alt.c @@ -52,11 +52,24 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, { int i; GENERAL_NAME *gen; + STACK_OF(CONF_VALUE) *tmpret = NULL, *origret = ret; + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { gen = sk_GENERAL_NAME_value(gens, i); - ret = i2v_GENERAL_NAME(method, gen, ret); + /* + * i2v_GENERAL_NAME allocates ret if it is NULL. If something goes + * wrong we need to free the stack - but only if it was empty when we + * originally entered this function. + */ + tmpret = i2v_GENERAL_NAME(method, gen, ret); + if (tmpret == NULL) { + if (origret == NULL) + sk_CONF_VALUE_pop_free(ret, X509V3_conf_free); + return NULL; + } + ret = tmpret; } - if (!ret) + if (ret == NULL) return sk_CONF_VALUE_new_null(); return ret; } |